CVE-2025-69821

7.4 HIGH

📋 TL;DR

A vulnerability in Beat XP VEGA Smartwatch firmware allows attackers to cause denial of service via Bluetooth Low Energy (BLE) connections. This affects users of Beat XP VEGA Smartwatch with vulnerable firmware versions, potentially disrupting device functionality. The attack requires proximity to the smartwatch for BLE communication.

💻 Affected Systems

Products:
  • Beat XP VEGA Smartwatch
Versions: Firmware Version RB303ATV006229
Operating Systems: Embedded RTOS (proprietary)
Default Config Vulnerable: ⚠️ Yes
Notes: All devices with this firmware version are vulnerable when BLE is enabled (default setting).

⚠️ Risk & Real-World Impact

🔴 Worst Case

Permanent device bricking requiring hardware replacement, complete loss of smartwatch functionality including health tracking and notifications.

🟠 Likely Case

Temporary device unresponsiveness requiring reboot, disruption of BLE connectivity with paired devices like smartphones.

🟢 If Mitigated

Minor service interruption with automatic recovery, limited to specific BLE functionality while core features remain operational.

🌐 Internet-Facing: LOW - Attack requires physical proximity via BLE, not internet connectivity.
🏢 Internal Only: MEDIUM - Within BLE range (~10 meters), attackers can disrupt device operation without authentication.

🎯 Exploit Status

Public PoC: ⚠️ Yes
Weaponized: LIKELY
Unauthenticated Exploit: ⚠️ Yes
Complexity: LOW

A proof-of-concept is available in a GitHub repository; it requires BLE communication tools such as gatttool or nRF Connect.

🛠️ Fix & Mitigation

✅ Official Fix

Patch Version: Not available

Vendor Advisory: Not available

Restart Required: No

Instructions:

No official patch is available. Monitor the Beat XP website for firmware updates and apply them when released.

🔧 Temporary Workarounds

Disable BLE when not in use

Turn off Bluetooth on the smartwatch to prevent BLE-based attacks

Navigate to Settings > Connectivity > Bluetooth > Turn Off

Limit BLE pairing

Only pair with trusted devices and disable discoverability mode

Settings > Connectivity > Bluetooth > Visibility > Hidden

🧯 If You Can't Patch

  • Physically secure device when not in use to prevent proximity-based attacks
  • Use device only in trusted environments with controlled BLE access

🔍 How to Verify

Check if Vulnerable:

Check the firmware version in Settings > About > Firmware Version. If the version is RB303ATV006229, the device is vulnerable.

Check Version:

Not applicable - check via device settings menu

Verify Fix Applied:

After a firmware update, verify that the version shown in Settings > About > Firmware Version is no longer RB303ATV006229.

📡 Detection & Monitoring

Log Indicators:

  • Multiple failed BLE connection attempts
  • Unexpected BLE disconnections
  • Device reboot events

Network Indicators:

  • Unusual BLE traffic patterns from unknown MAC addresses
  • Repeated connection requests to smartwatch

SIEM Query:

Not applicable - primarily physical proximity attack
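The indicators listed above can be correlated rather than watched one at a time. The following is an added example, not code from the vendor or from the original page: it flags a burst of connection requests from a MAC address outside an allowlist and raises the severity when a disconnect or reboot follows shortly after. The event tuple format, the MAC addresses, and the thresholds are all assumptions made for illustration.

```python
from collections import defaultdict

# Assumed, constructed event shape: (epoch_seconds, peer_mac, kind), where kind is
# "conn_req", "disconnect" or "reboot". Map your own BLE monitoring source onto it.
TRUSTED = {"02:00:00:00:00:01"}  # constructed allowlist: the paired phone
WINDOW = 30   # seconds over which connection requests are counted (assumed)
BURST = 5     # requests from one unknown MAC inside WINDOW that form a burst (assumed)
FOLLOW = 20   # seconds after a burst in which a disconnect/reboot is correlated (assumed)

def detect(events, trusted=TRUSTED):
    """Return (severity, mac, time) alerts.

    "medium": a burst of connection requests from a non-allowlisted MAC.
    "high":   a disconnect or reboot within FOLLOW seconds of that burst.
    """
    recent = defaultdict(list)  # mac -> request timestamps still inside WINDOW
    bursts = {}                 # mac -> time of the latest request in an active burst
    alerts = []
    for ts, mac, kind in sorted(events, key=lambda e: e[0]):
        if kind == "conn_req":
            if mac in trusted:
                continue
            q = recent[mac]
            q.append(ts)
            while ts - q[0] > WINDOW:   # drop requests older than the window
                q.pop(0)
            if len(q) < BURST:
                bursts.pop(mac, None)   # burst has ended; allow a fresh alert later
                continue
            if mac not in bursts:
                alerts.append(("medium", mac, ts))
            bursts[mac] = ts
        elif kind in ("disconnect", "reboot"):
            for bmac, bts in bursts.items():
                if ts - bts <= FOLLOW:
                    alerts.append(("high", bmac, ts))
            bursts.clear()              # one correlated alert per incident
            recent.clear()
    return alerts

# Constructed sample: normal phone traffic, then an unknown peer, then a drop and reboot.
UNKNOWN = "02:00:00:00:00:99"
SAMPLE = [(100, "02:00:00:00:00:01", "conn_req")]
SAMPLE += [(t, UNKNOWN, "conn_req") for t in (200, 202, 204, 206, 208, 210)]
SAMPLE += [(215, "02:00:00:00:00:01", "disconnect"), (218, None, "reboot")]

if __name__ == "__main__":
    for alert in detect(SAMPLE):
        print(alert)
```

Tune WINDOW, BURST and FOLLOW against a baseline of normal pairing behaviour before alerting on them.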
